CVE-2025-15131

Medium CVSS: 5.3

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

Vendor

Zspace

Product

Z4pro\+ Firmware

CWE

CWE-74

Yayın Tarihi

2025-12-28 10:15:41

Güncelleme

2026-01-07 21:39:23

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Z4pro\+ Firmware MEDIUM Zspace 2025

Referanslar

https://github.com/LX-66-LX/cve/issues/1 https://vuldb.com/?ctiid.338509 https://vuldb.com/?id.338509 https://vuldb.com/?submit.713874

Benzer Kayıtlar

Medium

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB dri…

Medium

CVE-2025-15133

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe…

Medium

CVE-2025-15132

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of th…

High

CVE-2025-14107

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function…

High

CVE-2025-14108

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.O…

High

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of th…